Author: Natalie Walsh

Natalie Walsh is the Product Marketing Manager at Threat Stack, where she helps to define and articulate how Threat Stack's products bring value to our customers. She landed a marketing job in cybersecurity right after college, loved it, and isn't leaving the industry anytime soon. When she isn't working, Natalie enjoys traveling and exploring her home city of Boston.

Security Observability has become an important concept recently as companies have started building software with a cloud-native mindset, embracing distributed, immutable, and ephemeral systems. As infrastructure has shifted from traditional deployment methods, older monitoring systems are no longer effective, and a new set of practices — called “observability” — has emerged.

Kubernetes is a multi-functional, container-centric platform for managing workloads and services. Given the fact that containers and container orchestration can dramatically improve costs, flexibility, and resilience, it’s no mystery why Kubernetes has soared in popularity since Google open-sourced it in 2014.

On one hand, it’s a powerful orchestration tool; on the other, it’s not a silver bullet that will solve all your problems. In fact, at the same time that it helps to manage dynamic infrastructure, it also introduces new vulnerabilities that pose a threat to security. To understand the value of Kubernetes, how to integrate it in a way that improves operational efficiency, and how to guard against the new vulnerabilities that container orchestration introduces, it’s critical that you have more than a passing knowledge.

So if you’re ready to start diving into Kubernetes, you’ve come to the right place. Below, we’ve curated a list of 50 top quality tutorials to help you fully understand Kubernetes architecture and best practices.Read more “50 Best Kubernetes Architecture Tutorials”

Machine Learning (ML) has been around in one form or another for a long time. Arthur Samuel, started working in the field in 1949 and coined the term in 1959 while working at IBM. Over the years, ML applications have been developed in practically every industry sector.

Recently, we’ve been hearing a lot about “silver bullet” ML-based cybersecurity solutions that can single handedly and automatically enable short-staffed security teams to identify and mitigate every kind of security threat imaginable. Of course, silver bullet solutions are as old as security itself, and by definition, they’re almost always too good to be true. So is the current crop of ML-driven cybersecurity solutions real or hype?

Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”

It is very clear by now that the cloud has reached an inflection point. Public cloud investment continues its rapid expansion, driven in large part by business imperatives for speed and scale. Gartner projects 18% cloud growth in 2017, with an increase of 36.8% for IaaS. So, the odds are your company is running at least some of its infrastructure in the public cloud.

Of course, no matter how many benefits it offers, it is often not possible for organizations to make a clean leap to the cloud. Many find themselves with infrastructures that include cloud, multi-cloud, hybrid, on-premise, and containerized environments. So what do you need to do to protect these complex structures?

Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren’t built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they’re quickly realizing how different an on-prem mindset is from one that’s geared to the cloud. Namely because, in an on-premise environment, security is based on the perimeter. In the cloud, however, there is no defined perimeter, and a seemingly endless number of endpoints. In the face of this, security needs to shift in a major way.

Aligning security with your organization’s greater business needs is becoming increasingly important, but how do you actually do it? What it comes down to is being able to map security to business objectives. Done right, security can be a major business driver. Today, everyone from finance to DevOps to sales and engineering has security top of mind, at least if they know what’s good for them.

Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization.

Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The good news is that it’s pretty easy to find out what you need to do. Below we’ll outline the steps to make sure that you stay out of the headlines and out of the statistics. Read more “Whose Fault is That? How NOT to Be a Cloud Security Statistic”

Recently, headlines were hyping the largest ever exposure of voter information, involving some 9.5 billion data points related to 198 million U.S. voters.

Attention-getting stuff. And since the story involved the Republican National Committee (RNC), the hype was intensified. Somewhat imprecisely, many articles characterized the incident as a data “leak”, “breach”, or “compromise” — again, adding to the intensity, but not the accuracy of what actually happened.

I’m not trying to minimize the seriousness of the issue — the potential damage was enormous as were the implications regarding security and privacy. But now that some of the dust has settled, it’s time to back away from the headlines and explore what actually happened.